SUPPLEMENT
OUR AML SOLUTION WILL HELP YOU SEAL THE DEAL
There’s no need to make life complicated, you have three problems; we have one solution! We deliver AML, Sanctions & PEP checks “all-in-one” search, individual checks take 5 seconds, business checks take longer, 1-2 minutes! Daily monitoring of all your clients for Sanction & PEP changes for the lifetime of your contract is included at no extra cost. Automatic enhanced due diligence, biography, adverse media and photographic evidence is also included in your basic AML price.
Call us now to book a free demonstration on:
0113 333 9835 Or visit us online:
POWERED BY
SMARTSEARCHUK.COM SmartSearch delivers UK and International Business checks in the UK and International Markets with inclusive Worldwide Sanction & PEP screening, Daily Monitoring, Email Alerts and Automated Enhanced Due Diligence.
Contents FEATURES
INTERVIEWS
4
– Martin Cheek
The 5th Money Laundering Directive aims to strengthen the money laundering regulations following the Panama Papers, Paris and Brussels terrorist attacks. We speak to Martin Cheek, Managing Director of SmartSearch, to get a handy guide to the changes and the implications for law firms.
8
- Red flags - not just for the beach!
- A platform for change
Compliance with the Money Laundering Regulations can present law firms both large and small with a complex set of policies and procedures, with the Know Your Customer obligations presenting the most burdensome aspect of the regulations.
Amasis Saba, Deputy Head of Business Acceptance, Bryan Cave Leighton Paisner LLP and Chair of the Money Laundering Task Force at The Law Society, discusses the risks posed to law firms from money laundering and financial fraud, how to approach client checks to ensure you’re confident in your assessment processes and what new innovations there are to support you.
26
- Layer cake
David Higginson, Equifax, discusses the ease and availability of false documentation and what multi-layer, alternative methods are available to regulated firms to confirm identity and mitigate fraud risk
Bill Jones, Riliance Training Limited shares the questions many law firms have surrounding professional understanding and development for Regulation 24 of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 - along with relevant training solutions to inspire confidence and ensure best practice.
Modern Law Magazine is published by Charlton Grant Ltd ©2018
22 24
- Do your homework
- Bill Jones
Experian looks at five key trends in fraud and identity that have either caused a greater risk, or influenced risk, from the threats of digital exposure through to internal fraud.
Rob Hailstone, Bold Legal Group, argues that the importance to conveyancers (and support staff) of dealing comprehensively with due diligence, AML and identification procedures on every file cannot be overstated.
Adam Entwhistle, Partner and Head Of Compliance, JMW Solicitors LLP discusses the impact for both law firms and clients after the introduction of the Money Laundering Regulations 2017 – if customer service would be improved by a clearer understanding of AML procedures as well as the role of new technology in supporting (or threatening) compliance and risk.
16
- The top 5 influencers of fraud
- Adam Entwhistle
12
18
28
- The balance of powers
How can those listed by sanctioning bodies assert their rights to challenge their designations? Also, do those processes appropriately balance the rights of both the designated and the designating body? Eric A. Sohn, Dow Jones Risk & Compliance in the USA, reports.
Co-Editor | Emma Waddingham Co-Editor | Poppy Green Project Manager | Martin Smith Events Sales | Kate McKittrick
All material is copyrighted both written and illustrated. Reproduction in part or whole is strictly forbidden without the written permission of the publisher. All images and information is collated from extensive research and along with advertisements is published in good faith. Although the author and publisher have made every effort to ensure that the information in this publication was correct at press time, the author and publisher do not assume and hereby disclaim any liability to any party for any loss, damage, or disruption caused by errors or omissions, whether such errors or omissions result from negligence, accident, or any other cause.
Pukka Supplement | 3
5th Money Laundering Directive Mandates the Use of Electronic Verification The 5th Money Laundering Directive, published in the European Journal in June of this year, is really an amendment to the 4th Money Laundering Directive. Its aim: to strengthen the money laundering regulations following the Panama Papers, Paris and Brussels terrorist attacks. Martin Cheek, Managing Director of SmartSearch, provides a handy guide to the changes and the implications for law firms.
4 | SmartSearch Supplement
The Directive’s aims are two-fold; firstly, to counteract terrorist financing and secondly to increase transparency of financial transactions fine-tuning the 4th Directive. Although the UK is due to leave the EU the UK Government has committed to implement the Directive to ensure its position as a major international financial player. Member states will have until late 2019 to implement the Directive.
Electronic Verification Regulated businesses have always been able to use electronic verification as an alternative or supplementary to traditional documents such as passports, driving licences and utility bills in the UK. Yet the 5th Directive explicitly stipulates the use of Electronic Verification when undertaking Customer Due Diligence and Know Your Customer procedures.
SmartSearch Supplement | 5
”
Although the UK is due to leave the EU the UK Government has committed to implement the Directive to ensure its position as a major international financial player. Member states will have until late 2019 to implement the Directive.
”
In the preamble to the Directive lie the following comments: “Accurate identification and verification of data of natural and legal persons are essential for fighting money laundering or terrorist financing. The latest technical developments in the digitalisation of transactions and payments enable a secure remote or electronic identification”. It then goes on to state: “Those means of identification as set out in Regulation (EU) No 910/2014 of the European Parliament and of the Council should be taken into account, in particular with regard to notified electronic identification schemes and ways of ensuring cross-border legal recognition, which offer high level secure tools and provide a benchmark against which the identification methods set up at national level may be checked. In addition, other secure remote or electronic identification processes, regulated, recognised, approved or accepted at national level by the national competent authority may be taken into account”. Not all European countries have electronic identification services but the UK has a long-standing acceptance of such methods of identification that are also recognised by national authorities.
PEP Lists The Directive also sets out that member states will be required to produce lists of prominent public functions, i.e. a list of politically exposed persons (PEP). However these lists will not give you the specific names, just the position of these individuals and there will still be the need for commercial PEPs and sanctions providers that collate and maintain these databases.
Central Registers of Beneficial Owners Whilst the UK has tended to ‘gold plate’ the money laundering directives when enacting them into legislation, many other European Members have not. The 5th
6 | SmartSearch Supplement
Directive will mandate that all member states will be required to create central registers of beneficial owners while the need to demonstrate a legitimate interest will be eliminated except for trusts and similar legal arrangements. In addition, member states will be required to allow access to beneficial ownership information on corporate and other legal entities in a sufficiently coherent coordinated way, through central registers in which beneficial ownership information is set out. This will be achieved by establishing a clear rule of public access, so that third parties are able to ascertain throughout the EU, who are the beneficial owners of corporate and other legal entities. Access will comprise as a minimum the beneficial owner’s name, month and year of birth, country of residence and nationality. Member states must implement mechanisms that ensure that the information is up to date and ensure effective sanctions in case of a breach.
High Risk Countries Enhanced due diligence measures will be required in relation to customers from high-risk countries identified by the European Commission. A new section introduces a set of strict enhanced due diligence measures that regulated firms will have to perform, such as more robust checks on the customer, the purpose and nature of the relationship, the source of funds and monitoring transactions.
Bank Account and Safe Deposit Boxes Under the 5th Directive anonymous bank accounts, savings accounts and safe deposit boxes will be abolished. All member states will be required to create central registers or central electronic data retrieval systems by 10 September 2020, which will be for the identification of any natural or legal person’s identity. This information will also be directly accessible by financial intelligence units (FIUs) and national competent authorities.
Virtual Currency Exchange Platforms and Custodian Wallet Providers The Commission stated that recent terrorist attacks have brought to light an emerging new trend, which is the use of virtual currencies to facilitate terrorist financing and money laundering. The 5th Directive responds to these risks through several key amendments. This expands the scope of ‘obliged entities’ to cryptocurrencies which were previously limited to financial institutions, accountants and lawyers and now expands to virtual currency exchange platforms (VCEP) and custodian wallet providers (CWP). VCEPs and CWP will have to register with national authorities, undertake customer due diligence, monitor transactions and report suspicious transactions. By imposing these requirements, the Directive will enable FIUs to build information required to monitor and detect terrorist financing and money laundering through virtual currencies. It will also give FIUs direct access to information held by obliged entities regardless of whether these entities have filed suspicious activity reports.
10,000 EUR in one or more transactions; all forms of tax advisory services (i.e. any person who provides directly any assistance or advice on tax matters) and estate/letting agents where the monthly rent is 10,000 EUR or more.
Summary Member states will now have to amend existing legislation or create new laws to enact the 5th Directive. In the UK, the Government will make amendments to the money laundering regulation 2017 which came into force last year or create a whole new piece of legislation; this normally goes out for a three-month consultation process for comment. Firms need to be aware that more legislation is coming, and it will be interesting to see how other member states implement the requirements of the central registers of beneficial owners. We will have to wait and see.
Martin Cheek
is Managing Director of SmartSearch
The 5th Directive also increases the transparency of virtual currency transactions executed without VCEPs and CWPs. As a result, the Directive requires member states to create central databases comprised of virtual currency users’ identities and wallet addresses.
Pre-Paid Cards The threshold for identifying holders of pre-paid cards will be lowered from the current level of 250 EUR to 150 EUR. Online use of such cards will be limited to a maximum of 50 EUR and member states will be able to lower these limits but not increase them.
New Regulated Sectors The 5th Directive also brings in new business sectors for the first time: art dealers in respect of any transaction over
”
A new section introduces a set of strict enhanced due diligence measures that regulated firms will have to perform, such as more robust checks on the customer, the purpose and nature of the relationship, the source of funds and monitoring transactions.
”
SmartSearch Supplement | 7
”
Without issuing any guidance, the SRA is silently following this convergence in the legal sector of firms gravitating towards electronic verification, which is proving really efficient for client onboarding.
”
Clean and clear
Modern Law speaks to Adam Entwhistle, Partner and Head Of Compliance, JMW Solicitors LLP about the impact for both law firms and clients after the introduction of the Money Laundering Regulations 2017 – if customer service would be improved by a clearer understanding of AML procedures and why they’re important as well as the role of new technology in supporting (or threatening) compliance and risk.
8 | SmartSearch Supplement
”
I personally don’t think the SRA does anything near enough, unlike the Law Society that offers useful resources, runs a dedicated taskforce and issues guidance approved by HM Treasury. We either need to leave it to the Law Society completely or the SRA needs to up its game.
Q A
What has been the effect since the Money Laundering Regulations 2017 were implemented?
If you were compliant with the former regime and had documented processes, then the only real tangible change of note would be consideration of UK politically exposed persons (PEPs). But it really depends on the size of the firm. Small firms, I imagine, will have felt increased burden because even though the new regulations brought few significant changes, there were a couple of subtle changes, such as the requirement for a documented risk assessment. Plus many smaller firms are still not routinely using electronic verification and seem to be doing it the old fashioned way with passports and utility bills. Given the heightened risk of fraud and money laundering in conveyancing, I don’t really blame them for insisting on ID documents, but screening software is equally important and assists with ongoing risk assessments - another thing on the endless list of compliance requirements in an increasingly unstable regulatory environment.
Q
What practical advice would you offer since the revised regulations and what steps should firms be taking?
A
Firms need to be looking at electronic verification and screening, particularly with UK PEPs being caught by the regulations - people holding such positions are more vulnerable and susceptible to becoming involved in fraud, money laundering and embezzlement. Without screening software, it is very difficult and labourintensive to perform equivalent searches yourself and you also have the challenge of explaining to clients the rationale for enquiries that may seem unusual. There are all sorts of software out there now to verify bank details received from other law firms or individuals as part of transactions – these pieces of software are great but they all come at a cost – firms need to choose a combination that is proportionate to the money laundering risks posed. Without issuing any guidance, the SRA is silently following
”
this convergence in the legal sector of firms gravitating towards electronic verification, which is proving really efficient for client onboarding. Law firms should also be ensuring that their employees have read the Law Society guidance, which is practical.
Q
Is there enough emphasis on AML procedures from UK Legal Sector Regulators, and how can this be improved?
A
There has been an increased emphasis on ‘dirty money’, particularly in the London property market, and a real drive towards transparency. I don’t think the regulators, up until very recently, seem to be doing any more than we are used to. I personally don’t think the SRA does anything near enough, unlike the Law Society that offers useful resources, runs a dedicated taskforce and issues guidance approved by HM Treasury. We either need to leave it to the Law Society completely or the SRA needs to up its game. The FCA also offers really detailed guidance on procedures to undertake.
Q
How can we better improve public education about AML, and therefore help better customers’ understanding?
A
All the initiatives designed to improve transparency are going to help with this. Awareness is improving but I don’t necessarily think it is properly translated into how it applies to a law firm’s requirements. We get a lot of questions from clients when we ask for ID as they seem to think that unless they are on a watch list we shouldn’t need much information. We do have to ask a lot of questions because the risks are there, but it can appear intrusive. There has always been a tension between AML due diligence and data protection rights, but it has become even more apparent as individuals appreciate their rights under GDPR. It is about getting the balance right and
SmartSearch Supplement | 9
”
We get a lot of questions from clients when we ask for ID as they seem to think that unless they are on a watch list we shouldn’t need much information. We do have to ask a lot of questions because the risks are there, but it can appear intrusive.
”
asking enough questions to satisfy ourselves that there is nothing untoward about the client’s instructions. We try to educate our clients by explaining why we are having to do this and why it is important – most people will have come across this way of working and these types of secure systems before, but there are still a lot of clients who aren’t clued up. We have to work together on it – we rely on the cooperation from our clients. I am as equally worried about the education of lawyers, not just the public’s. We should also be looking at the level of education lawyers receive about AML. Lawyers have had the same old courses for a number of years, but they tend to focus on the black letter law and are not practical enough. Straight from law school, lawyers are expected to have a range of capabilities and knowledge of all areas – you touch on anti-money laundering but you don’t do a great deal on it and so experience can depend on exposure. Software can help in practice but it only maps out the information harvested and you need to be able to assess the risks. The SRA and the people involved in prescribing the requirements for lawyers need to think about how the training can aid lawyers’ understanding of the structures that are used for money laundering.
Q
How is technology evolving to help support compliance and risk procedures, and what can we expect to see from further technological advancements?
A
A lot of companies are offering biometric checks – it is quite early days and there is not a lot of guidance but people will start using it more as the public become more comfortable with technology. There is still a big risk of fraud with electronic ID; I don’t know whether biometric technology will improve that but hopefully it will. We need to be able to assist lawyers with checking funds –none of the software out there at the moment offers a solution, and that needs to change!
10 | SmartSearch Supplement
I would also like to see a secure portal where clients can upload their ID for any regulated professional to check, instead of having to provide it to numerous professionals during the same transaction.
Q
How is technology changing the way money laundering is conducted and what signs should we be looking out for?
A
Cryptocurrency has a bad name – people have made a lot of money through the fluctuations of bitcoin in the last year but certain banks are uncomfortable accepting those profits when lending against a property because the origin of those funds is so opaque. I think there are plans to address this through another European directive, which probably won’t apply to us directly if we are outside of the EU at that time. I was at the Law Society risk and compliance conference in Leeds a few weeks ago and there was a session on blockchain. What became apparent was that the speakers had a high level of knowledge that the delegates would not have any idea about. It can be quite frustrating for people in that position as this could be a game changer but they are being told that they need to adapt to something they just don’t understand yet. But this has happened before, for instance when firms were told a few years ago that unless they started looking at digital marketing they would lose clients and potentially go out of business – there is a lot of scaremongering at the moment. It is always difficult to know what the current threat is because it seems to constantly be changing, making it a complex sector at the moment.
Q
What other risks does the sector need to be aware of in the next year, and how will JMW Solicitors be preparing for these?
”
It is always difficult to know what the current threat is because it seems to constantly be changing, making it a complex sector at the moment.
A
”
There is so much going on at the moment with new regulations and such massive changes like GDPR. Firms needs to get better at data protection compliance as it has been quite poor – people forget that it is not just their clients but their employees as well and all the other people that they deal with within the commercial transaction. I think firms need to get a lot better at organising and managing the information that they hold and get to grips with the privacy regulations. The profession doesn’t have a great understanding of GDPR, so we need to up our game.
JMW Solicitors LLP.
”
I am as equally worried about the education of lawyers, not just the public’s. We should also be looking at the level of education lawyers receive about AML.
Adam Entwhistle, Partner and Head Of Compliance,
”
SmartSearch Supplement | 11
”
Professional baddies will work to remove as much negative publicly available information about themselves as they can…consider what you will ask them to help you understand if the information they give you may need to be verified.
”
Do your homework Modern Law caught up with Amasis Saba, Deputy Head of Business Acceptance, Bryan Cave Leighton Paisner LLP and Chair of the Money Laundering Task Force, to understand more about the risks posed to law firms from money laundering and financial fraud, how to approach client checks to ensure you’re confident in your assessment processes and what new innovations there are to support you.
12 | SmartSearch Supplement
”
Pay special care when someone tries to pay for a transaction with profits from a cryptocurrency sale. The income may well be legitimate, but it is up to you to decide whether to check whether they really bought the currency when they say they bought it and sold it for us much as they say they did.
Q A
What makes law firms particularly vulnerable to money laundering and financial crime?
The respectability, knowledge and credibility the UK legal sector brings are highly sought after by criminals. This can be exacerbated by the complex services that they perform. Buying and selling property, managing client money, trust and company services and creation of companies are all activities regulated under the Money Laundering Regulations and therefore recognised by the government as potentially of interest to criminals. Buying a property with a long-standing UK law firm’s seal of approval is a neat way to integrate illegitimate funds into the economy and it is in the criminal’s interests to be as slick and professional as possible to avoid detection by the firm. This makes it much harder to spot criminals. It is not just law firms who can be targeted by money launderers. Last year’s National Risk Assessment also identified financial services, cash and money services and the accountancy sector as ‘high-risk’. The UK’s reputation as a large financial centre means we all need to put adequate procedures in place to mitigate the risk of being exposed to illicit finances. The good news is that effective AML policies, controls and procedures should enhance your understanding of your client and prevent reputational damage.
Q A
What should law firms be looking out for if trying to spot money laundering activity?
At its simplest, things that don’t make sense. Transactions or instructions that are particularly unusual or out of the ordinary for your firm, or the presence of any other warning signs in Chapter 12 of the Legal Sector Affinity Group AML Guidance. Ultimately, you need to be happy that you understand the transaction and the commercial rationale behind the work that you are doing. Having obtained CDD do you review it or just treat it as admin? A number of cases have emerged recently where lawyers and other professionals have come into criticism (not always fairly) for not properly reviewing the documentation they had received.
”
In one case my firm received a letter regarding the sources of funds to be used in a transaction from a well-known bank. However, on further inspection, the signatories to the letter did not seem to be at a sensible level to sign such a document and the wording used was odd. We soon realised that the letter was fake. Don’t take documentation at face value; review what you get and remember that this vigilance is critical not just on day one but day 301 of the client relationship. Ongoing monitoring is very important – if a client passes initial checks but changes their instructions without explanation a few days later, it may be worth reassessing the original risk rating you gave the client and the matter. If the nature of your client’s relationship or their business changes significantly in a short space of time, ensure you understand why. Serious criminals may invest time to integrate themselves with your firm though innocuous mandates before beginning criminal activity. Ultimately, what you are looking for is anything that indicates an unusual pattern of behaviour. Special rules apply to higher-risk clients, for example PEPs or clients from high-risk EU jurisdictions. For them, enhanced due diligence, including source of funds and potentially source of wealth checks, will be required to make sure you feel satisfied that the funds they intend to use for the transactions (fees excepted) are derived from a legitimate source.
Q A
How can law firms protect themselves and ultimately prevent money laundering?
The UK has one of the most comprehensive AML regimes in the world. If you observe all your obligations in the Money Laundering Regulations and the Proceeds of Crime Act 2002 and follow the advice issued by your regulator in their sector risk assessment and through their warning notices, you will be fine. Information on what these obligations are, are available on the Law Society’s website. A whirlwind tour of your obligations includes a firm-wide risk assessment; client and matter risk assessments tagged on to all files covering regulated transactions; clearly documented policies, controls and procedures to make sure the right checks
SmartSearch Supplement | 13
”
The key to great AML compliance is to treat compliance as more than just a tick-box exercise. Pay attention – really pay attention – to your client’s behaviour, their reasons for the transaction and any surrounding circumstances.
”
are done at the right time; adequate training procedures; internal reporting procedures and, of course, knowledge of when to make a suspicious activity report to the National Crime Agency. Some additional obligations in the Money Laundering Regulations are based on your size and risk profile; it is up to you to decide whether these procedures (for example, external auditing of your AML compliance) are warranted by the size and nature of your firm. The key to great AML compliance is to treat compliance as more than just a tick-box exercise. Pay attention – really pay attention – to your client’s behaviour, their reasons for the transaction and any surrounding circumstances. If anything about the transaction is out of the ordinary, look into it further. Make your own judgment on how to proceed (or ask your MLRO for help) and document it - for your own records and to have a paper trail to show to your regulator if they knock on your door.
Q
What new technologies could be utilised in order to improve protection against money laundering and financial crime?
A
There are a number of tools available that can enhance your AML capacity. These can range from online suppliers of PEP and sanctions lists, automated or assisted online CDD solutions and even case management software linked to AI/machine learning designed to assist with transaction monitoring. The huge variety of the UK legal sector means there is no one size fits all. However, the technology is only ever as good as the people using it and the culture of the firm they are in. Having a positive compliance culture and understanding the business benefits good AML practices brings is always one of the most important elements of a firm’s protection against money laundering. If you do choose to use AML technology, reference it as a control in your firm-wide risk assessment and document the risk(s) the technology is addressing.
Q
Have the development and evolution of technology had any disadvantages when trying to overcome money laundering and financial crime?
14 | SmartSearch Supplement
A
The ease with which people can manipulate what can be found about them online can be a challenge. Professional baddies will work to remove as much negative publicly available information about themselves as they can. You are not expected to be MI5, but if you are looking to understand your client’s business and can’t find anything about them or their background, consider what you will ask them to help you understand if the information they give you may need to be verified.
Q
How key is data when understanding clients and risk assessing them?
A
You cannot carry out a risk assessment on a client you know nothing about! It will be difficult to assess the risk profile of your firm if you cannot establish and evidence your client profile. If you don’t know what type of clients you would consider ‘normal’, it will be harder to establish which clients should be higher risk. Many firms previously will have done this by ‘gut instinct’. This is no longer sufficient. Consider your clients’ jurisdiction, the industry they are involved in, what they are asking you to do for them etc. Once you have established these (Chapter 2 of the AML Guidance can help here) make sure you are confident that you have the data needed to properly complete your risk assessment.
Q
How have the new anti-money laundering regulations 2017 been received within the industry?
AThe SRA thematic review in March this year illustrated good levels of compliance with the new Regulations. It’s worth noting that the SRA started gathering data for the thematic review in summer 2017, very shortly after the Regulations came into force. Even so, 96% of the firms the SRA visited had policies, controls and procedures in place and most firms had adequate CDD practices.
At the same time, I think everyone feels equally strongly that the relationship between the compliance burden and the illicit funds recovered by the National Crime Agency (NCA) as a result of our efforts is off-balance. The regulatory net is thrown extremely widely, meaning we have to expend vast resources on compliance, but the NCA’s annual accounts 2016-2017 show that £28.3m worth of assets were recovered in that period (an additional £82.8m were denied to criminals in other ways). This clearly shows that far more could be done to target the UK’s AML framework.
Q
How is The Law Society continuing to promote the importance of AML and CDD procedures to law firms?
A
The Law Society took the lead in shaping the legal sector AML guidance on the 2017 Regulations. The document is the most comprehensive free source of information out there on compliance with the letter of the law and on best-practice across the range of AML-related legislation and obligations. Bite-size pieces and articles on compliance, including CDD, can be found on The Law Society’s website. Those interested can subscribe to a regular newsletter on the latest policy developments or sign up to one of our many AML events throughout the year. Our next big event is the annual AML conference on 21 November 2018. One of the sessions will cover the basics of the Regulations, including CDD. If you need of advice, you can call The Law Society’s confidential AML Helpline; they can offer practice (not legal) advice on all issues linked to AML.
A
The EU’s Fifth AML Directive (5AMLD) will bring in several changes by the end of 2019, regardless of the outcome of Brexit. The Directive means that the UK will be obliged to set up registration for new types of trusts, for example express trusts and overseas trusts that ‘enter into business relationships’ in the UK (whatever that means). Separately, the UK will bring in a register of beneficial ownership for UK property owned by overseas companies and other legal entities by 2021, so transparency is advancing rapidly in this field and we will need to adapt to new rules. The Law Society will work to make sure that any new rules are reasonable and proportionate. Cryptocurrencies continue to attract a lot of attention and cryptocurrency providers will now be regulated under 5AMLD. Pay special care when someone tries to pay for a transaction with profits from a cryptocurrency sale. The income may well be legitimate, but it is up to you to decide whether to check whether they really bought the currency when they say they bought it and sold it for us much as they say they did. The outcome of this year’s Financial Action Task Force review of the UK’s AML regime may also lead to further tightening of some aspects of the UK’s system. We are expecting the report to be issued towards the end of 2018 – let’s hope it recognises the work we already put in to spotting criminals. Finally, ensuring you understand the interplay between AML and GDPR compliance.
Behind the scenes, the Money Laundering Task Force is working hard to ensure that the compliance burden on the profession is kept in mind whenever the government issues new legislative or policy proposals. We want an efficient and effective AML framework that targets financial crime without wasting resources on low value activities. One example is our recent response to the Law Commission’s consultation on the UK’s SARs regime. We want to report things that will stop organised crime. We don’t believe intelligence on a one-off breach of a Tree Preservation Order will be of much use to the UK Financial Intelligence Unit. And yet, the way the SARs regime currently works, an hour or so has to be spent submitting a SAR on this.
Q
Are there other risks firms need to be aware of in the coming year?
”
Don’t take documentation at face value; review what you get and remember that this vigilance is critical not just on day one but day 301 of the client relationship.
”
SmartSearch Supplement | 15
”
Online AML training has become very popular and is now the chosen option for many law firms.
Anti-Money Laundering Training: Best Approach
”
Regulation 24 of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, states that regulated organisations must provide anti-money laundering (AML) training to relevant employees. Bill Jones, Riliance Training Limited shares the questions many law firms have along with relevant training solutions to inspire confidence and ensure best practice. I have emphasised the word ‘must’ because under the regulations it is a criminal offence for an individual or entity to contravene the requirements of Regulation 24. This tells you a little bit about the government’s approach to AML training and the importance of it. It must be quite exceptional for professional organisations to be exposed to specific criminal proceeding if they fail to provide appropriate training. I visit and talk to law firms throughout the UK about AML prevention measures and often this involves discussions about AML training and how best to cater for this. I have seen a pattern emerging which demonstrates that whilst Money Laundering Reporting Officers and others involved with compliance are reasonably knowledgeable on the subject of money laundering risks and prevention those fee
16 | SmartSearch Supplement
earners at the coalface of transactional work are not being sufficiently educated on the topic. Money laundering activity is a massive threat to law firms and by far the best way of minimising this threat is to ensure that relevant fee earners and administration staff are properly trained. It is essential that they understand the money laundering risks involved when carrying out their day-to-day transactional work. They need to know what they should be looking out for and in particular how they should deal with activity they regard as suspicious. When considering AML training a good place to start is the regulations. Training is covered by Regulation 24; this requires that firms carrying out regulated work must:
You must give your employees relevant training at regular and appropriate intervals. In determining whether your training programme meets this requirement, you should have regard to the practice’s risk profile and the level of involvement certain staff have in ensuring compliance.
(a) Take appropriate measures to ensure that its relevant employees are: (i) Made aware of the law relating to money laundering and terrorist financing, and to the requirements of data protection, which are relevant to the implementation of the Regulations; and (ii) Regularly given training in how to recognise and deal with transactions and other activities or situations which may be related to money laundering or terrorist financing;
You should consider retaining evidence of your assessment of training needs and steps taken to meet such needs. You should also consider: • criminal sanctions and reputational risks of noncompliance • developments in the common law • changing criminal methodologies.
(b) Maintain a record in writing of the measures taken to train relevant employees. A relevant employee is an employee whose work is either (a) relevant to the organisation’s compliance with any requirement in the regulations, or (b) otherwise capable of contributing to the identification or mitigation of the risk, prevention or detection of money laundering and terrorist financing to which the organisation’s business is subject.
You should take a risk-based approach to determining how often training should take place. Some type of training every two years is preferable.
The Legal Sector Guidance published by the Law Society in March 2018 provides helpful guidance on what law firms should do in order to meet their training obligations under the regulations. This is what the Legal Sector Guidance says about AML training: Your staff members are the most effective defence against launderers and terrorist financiers who would seek to abuse the services provided by your practice. Professional regulatory requirements may also oblige you to train your staff to a level appropriate to their work and level of responsibility. You may consider providing relevant employees with appropriate training and equipment to help identify forged documents. When setting up a training and communication system you should consider: • Which staff require training • What form the training will take • How often training should take place • How staff will be kept up-to-date with emerging risk factors for the practice Assessments of who should receive training should include who deals with clients in areas of practice within the regulated sector, handles funds or otherwise assists with compliance. Consider fee earners, reception staff, administration staff and finance staff, because they will each be differently involved in compliance and so have different training requirements.
In summary, to be compliant and effective, your firm’s AML training programme should cater for: • Initial AML training for all relevant employees and principals • Ongoing AML training at regular and appropriate intervals to ensure that relevant employees and principals are (a) kept up to date on changes in the law relating to money laundering and the financing of terrorism and (b) able to recognise and deal with suspicious activity. While face-to-face training has its advantages, it does require a commitment to allowing staff time off to attend internal and/or external courses and this will have an impact on valuable fee earning time and cost - especially as regular ongoing training is a requirement under the regulations. Online AML training has become very popular and is now the chosen option for many law firms. A good online training provider will ensure that training material is always kept up-to-date and will be delivered on an ongoing basis. This way your employees and principals will receive effective and consistent initial and ongoing refresher AML training. When considering online training solutions make sure that: your training provider can offer a training platform that all relevant staff can access 24/7; allow users and training administrators to automatically record any training undertaken, and; produce multiple training reports to assist with both training management as well as the ability to demonstrate compliance with the regulations.
Bill Jones
is the Chairman of Riliance Training Ltd (www.riliance.co.uk) and can be contacted by email at bill.jones@riliance.co.uk.
Training can take many forms and may include: • face-to-face training seminars • completion of online training sessions • attendance at AML/CTF conferences • participation in dedicated AML/CTF forums • review of publications on current AML/CTF issues • practice or practice group meetings for discussion of AML/CTF issues and risk factors. Providing an AML/CTF policy manual is useful to raise staff awareness and can be a continual reference source between training sessions.
He is a lawyer that specialises in providing AML guidance to law firms and is a member of the Law Society’s AML directory of AML specialists.
”
It must be quite exceptional for professional organisations to be exposed to specific criminal proceeding if they fail to provide appropriate training. SmartSearch Supplement | 17
”
�
It has become much rarer for fraudsters to imitate their victims in person and this shift requires new tools that are fit for this purpose.
�
The top 5 influencers of fraud Nick Mothershaw, Experian UK, looks at five key trends in fraud and identity that have either caused a greater risk, or influenced risk, from the threats of digital exposure through to internal fraud. We have seen through the recent Experian UK & I Fraud Report1, of which this is an extract from, how fraud detection has increased. The challenge however, is that the risk of fraud overall has increased. Businesses across the globe acknowledge this rising threat and many have
18 | SmartSearch Supplement
recorded more than 20% increase in fraud rates in the past year. What is certain is that fraud needs to be understood. By understanding it you can better equip your business to reduce the burden of fraud and better protect, and serve, your customers.
1
Fraud and the Digital economy With more people using mobile, the Internet and tablet devices as a means to interact and transact, we see more digital exposure to fraud. It’s therefore perhaps not surprising that cybercrime is starting to dominate fraud – and is now accounting for a large proportion of all committed fraud and identity theft. Those who are the most tech-savvy are also experiencing most of the identity fraud cases. There is now more personally identifiable data being transmitted on the Internet, leaving the owner much more vulnerable. The days of imitating someone in person are starting to dwindle. Today, businesses and people need to grapple with proving and validating identities that are hidden behind a computer: virtual identities. What is important to note is that while cybercrime in some respects is relatively new, in some cases, the acts of fraud committed from cybercrime aren’t that sophisticated or pioneering. We see fraudsters impersonate companies, plant viruses as well as data hacking and account cloning. The more we conduct our lives online, the more vigilant we need to be and the smarter you need to be at prevention and detection.
SmartSearch Supplement | 19
2 3
Younger people increasingly targeted as fraudulent applications against over 50’s drop Fraudulent credit applications against people in their 20’s have soared in the last three years. The proportion of frauds against those aged under 30 has risen by 6% since 2014, while those aged 50 and up have experienced a decrease of 8.4% over the same period. Young people are increasingly falling foul of fraudsters who see them as a more accessible target to open an account. They are more interested in getting an account open so they can use it for money laundering, or to establish a footprint at the bank for further fraudulent activity. Young people are more likely to live their lives online, so there is a good chance they will not be monitoring their post for statements as they most likely choose not to receive physical statements (only three in 10 do2). They are more likely to live in accommodation with shared mail areas, which provides an opportunity for fraudsters to intercept their post when the new plastic arrives. The 60-plus cohort has experienced the sharpest decline in fraud attacks, down 5.8%, suggesting they have heeded advice to monitor their statements for suspicious activity, and given scam emails a wide berth. We can see this translate throughout research where they evidently used a range of passwords online as a means of protection (Those 55+ have on average 11 passwords, with ‘Millennials’ having just three).
UK’s online identity habits revealed: Have we reached ‘peak password’? Experian research has revealed a growing divide across generations. This split is particularly evident in the way the UK population manages its online identities. The younger generation appears to be more driven by convenience and rarely has more than five unique passwords. They are also far more likely to log in to multiple accounts using a single social media online ID. As we have heard, this digital exposure is making them more vulnerable. With paper identities now becoming mostly obsolete when it comes to digital verification. It is much easier to pretend to be another person when you are hidden behind a screen. It has become much rarer for fraudsters to imitate their victims in person and this shift requires new tools that are fit for this purpose. It’s perhaps no surprise that a high proportion of over 55s state that most of their accounts are paper-based. This is a result of concerns about remembering passwords and concerns over the security of online accounts. Over the past 60 years, we have witnessed a huge transformation in the tools criminals use to commit fraud. But the use of a password to protect has remained largely stagnant. This exposure can mean fraudsters can access even more data that is much more sensitive and valuable information than ever before. We’re not looking just at financial losses from bank account withdrawals but right across to accessing social accounts which can be equally costly and detrimental to people.
20 | SmartSearch Supplement
”
Today…to transact online you will need to supply a password as a form of validating your payment as legitimate. Tomorrow you may need something more sophisticated like a token or biometric information to prove it is you.
”
Protecting payments from fraud: the PSD2 and the PSR’s response to Bank Transfer Fraud The Second Payments Directive
4 5
The PSD2 (Second Payments Services Directive) will enforce, and transform, the way security is applied to payments. The aim is, from a customer point of view, to make the transaction process much more secure to prevent fraud. We will also most likely see strong customer authentication start to shift application fraud – with Current Accounts being even more targeted as other methods become harder to target or commit fraud against. For example, online payment fraud. Today, in many cases, to transact online you will need to supply a password as a form of validating your payment as legitimate. Tomorrow you may need something more sophisticated like a token or biometric information to prove it is you.
Transaction Risk Assessment In addition to this, there is a new regime around what is called transaction risk assessment (TRA). The TRA defines how you need to assess each transaction in real-time to determine the fraud risk. If there is any hint of fraud risk then stronger authentication must be used in that case; if the fraud risk is lower, then it could be exempt.
PSR responds to push payments Also, affecting payments is the Payment Services Regulator’s (PSR) response to bank transfer fraud and payment errors as a result of the Which? super complaint. Recently the PSR has requested both banks and industry do more to protect customers when it comes to bank transfer payments. It would, therefore, be vigilant to check all bank accounts within the payment process to help protect customers against any identifiable, or unnecessary risks.
The threat of internal and employee fraud According to research from Cifas, there has been a 60% increase in account fraud where unauthorised activity was made by staff on a customer’s account without permission. Other types of fraud include CV fraud. 12% of candidates put false grades on their application, and 38% of those 25-32 have concerning discrepancies on their CV (according to the Risk Advisory). You need to weigh up the risk of having no-one in the role while the necessary checks are done, and someone potentially risky in it. To me, this is an obvious decision. And, with the right recruitment strategy, you won’t need to be without an employee either – or at very least, not for long. By the very nature of your business, your employees have access to sensitive and valuable information – both financially valuable and personally valuable. You, therefore, need to be vigilant and put in place the appropriate controls and checks across all your business areas as a means of protecting such information.
Nick Mothershaw is Director of Identity & Fraud Solutions, Experian UK
1 engage.experian.co.uk/uki-fraud-report-2017
2 experian.co.uk/assets/business-services/population-data-appetite.pdf
SmartSearch Supplement | 21
”
Red Flags –
Prevention of fraud is better than cure and conveyancers are on the front line.
”
Not just for the beach! Can one get too much of Dreamvar? No, the importance to conveyancers (and support staff) of dealing comprehensively with due diligence, AML and identification procedures on every file cannot be overstated as Rob Hailstone, Bold Legal Group, reports. Brief Background For anyone who lives in a cave and who has not heard about the recent cases, here is a summary: Dreamvar is the result of two appeals that were heard together; namely P&P Property Limited v Owen White & Catlin LLP and Dreamvar (UK) Ltd v Mishcon de Reya [2018] EWCA Civ 1082. These cases involved similar facts and featured a newer form of fraud, typically referred to as ‘fraudulent seller’ cases. In both cases, a fraudster, posing as a seller, instructed a firm of solicitors in relation to the sale of a high value, unmortgaged property. The ‘seller’ did not meet their solicitor. The transactions purported to complete – but the purchase money was paid away by the seller’s solicitor to fraudsters (in the case of Dreamvar ultimately via another firm of solicitors also acting for seller) and was not recovered. As such, therefore, legal completion did not take place. In the words of Patten LJ:”The vendors had no title and the
22 | SmartSearch Supplement
transfers were forgeries. Since completion did not take place, the vendor’s solicitors had no authority to release the money to their clients or otherwise to dispose of it in accordance with their instructions. The purchase monies should have remained in their account to await either a genuine completion of the sale or further instructions from the purchaser’s solicitors”.
The Decision In the Dreamvar case, well known firm, Mishcon de Reya (’Mishcon’) acted for Dreamvar, the defrauded buyer and the firm admitted breach of trust – but the question of who should shoulder the liability for their buyer client’s loss was considered. The Court of Appeal accepted the proposition that Mishcon was: “… insured for events such as this, and that its insurance cover is sufficient to cover in full the loss suffered, should it not be excused from liability… it is apparent that [Mishcon] (with or without insurance) is far better able to meet or absorb it than Dreamvar.
“Dreamvar has no recourse against [the seller’s solicitor], and (it appears) no practical likelihood of either tracing or making any recovery from the fraudster. As a result, the only practical remedy it has is against [Mishcon].” The Court of Appeal confirmed that Mishcon could pursue the seller’s solicitor for an indemnity for their losses. However, making Mishcon pay because they could afford it would suggest that, by virtue of having comprehensive professional indemnity insurance in place, conveyancers have now been put in the position of effectively guaranteeing their clients against losses incurred due to property fraud. There are a number of important elements to the decision relating to breach of warranty of authority, the significance of the Law Society’s Code for Completion by Post and the far-reaching implications of the finding of breach of trust and the refusal of the Court to grant relief against the breach of trust, despite the fact that Mishcon had acted reasonably and honestly. The barristers from Radcliffe Chambers who acted for Mishcon, have produced a comprehensive discussion of these aspects and a copy can be obtained from me (contact details below). This discussion paper highlights the importance of conveyancers knowing their clients and carrying out proper identification procedures.
Red Flags Red flags are nothing new. The Law Society and the Land Registry produced a joint practice note, ‘Property and Registration Fraud’ in 2010 (recently updated) and many of the red flags that appeared in the subsequent cases were listed as risks. Perhaps the significance of this fact is that, despite being warned of the risks as far back as 2010, firms are still being caught, which implies that the message might not be getting through. The most commonly quoted red flags are: • Absent owner • Owner/seller living abroad • Sellers lack of knowledge about the property • Where the seller lives at a different address from the property and has no documentary evidence linking seller to the property • Empty property • Unencumbered (no mortgage) • High value
own solicitors to have carried out the necessary AML checks as they are required to do under the MLR. It can therefore be said that the focus of the claims in these cases is on the duty of the vendor’s solicitors to take reasonable care to ensure that the transaction is a genuine one”. Conveyancers might want to consider taking the following steps: - Reviewing identification procedures – who should take copies of the identification documents and is it possible to spot a forgery? - Talk to their professional indemnity insurer to establish the insurer’s guidance and requirements - Review pre-contract enquiries – a buyer’s conveyancer might want to ask the seller’s conveyancer to confirm that they have carried out appropriate identification procedures and due diligence in accordance with the Money Laundering Regulations 2017 and Law Society’s Conveyancing Protocol requirements - Review the policy on whether the firm is prepared to act for clients that it cannot meet - Remain vigilant, be prepared to question a client and always ask the question: ‘Does it all add up?’ - Use the ‘red flag’ checklist and apply it to every conveyancing file - Be prepared to advise buyer clients of the risk and consider whether to offer the buyer fraud indemnity insurance - Consider using electronic AML search facilities, such as Smart Search, to back up due diligence procedures Look out for the updated Law Society’s Conveyancing Protocol (not available at the time of writing) and any changes that the Law Society may make to the Code for Completion by Post as a result of Dreamvar. In the words of Jeremy Cousins QC and Peter Dodge, who acted for Mishcon: ‘Prevention of fraud is better than cure and conveyancers are on the front line.’.
Rob Hailstone, CEO, Bold Legal Group produced this article with additional input from Lorraine Richardson (M.A. Cantab), an experienced property solicitor and freelance legal trainer. You can contact Rob at rh@boldgroup.co.uk and Lorraine at ldrichardson520@gmail.com.
The Bold Legal Group has produced a comprehensive list of the red flags. To obtain a copy, please drop me a line.
What should firms do? Conveyancers must act to urgently review their client identification and dule diligence procedures.
”
Despite being warned of Use of the Code for Completion by Post acts as the risks as far back as 2010, confirmation by the seller’s conveyancer that they act for the true seller – as Patten LJ observed: “The purchaser’s firms are still being caught, own solicitors will not be in the position to carry out their which implies that the message own due diligence and can reasonably expect the vendor’s might not be getting through.
”
SmartSearch Supplement | 23
”
If a client has a good idea for an improvement, SmartSearch will modify the platform and that change will benefit all clients, automatically, with no extra charge.
”
A platform for change Compliance with the Money Laundering Regulations can present law firms both large and small with a complex set of policies and procedures, with the Know Your Customer (KYC) obligations presenting the most burdensome aspect of the regulations. Verifying business or corporate clients can be extremely challenging and time-consuming, with most firms using multiple data sources, both on and off-line, and a mixture of documents and software platforms. The requirement to verify directors, partners, ultimate beneficial owners, persons of significant control and the need to establish the ownership, purpose and control of the entity, can mean that firms literally spend hours attempting to comply with the regulations. But this process can be simplified, streamlined and future proofed by using a dynamic electronic verification platform. Our platform has been designed as a ‘One Stop Shop’ for all the AML, anti-fraud and KYC needs of law firms.
When a law firm needs to check an individual using documents, this can be a risky process and it can take several days and in many cases, could also include costs for recorded delivery postage - for both the client and the firm - as well as time to scan upload and save into a Client Management System. When it comes to business checks, a typical law firm can take more than 60 minutes to collate, compile and verify a business, identify shareholders, beneficial owners, persons of significant control and four directors, using traditional methods such as Companies House, Identity Documents and Sanction/PEP screening, etc.
The AML regulations require a ‘risk-based approach’ to customer verification, and law firms who use the SmartSearch platform are able to quickly and easily verify all new clients, whether they are individuals or corporate clients, based in the UK or overseas.
By removing the countless information systems and service providers needed when completing manual checks, SmartSearch can reduce the time taken for an Individual AML check to two seconds and a business check to less than two minutes, meaning that law firms are able to start work with new clients immediately.
The SmartSearch platform has integrated AML, anti-fraud and KYC datasets into a single platform, which means law firms no longer need to use documentary evidence in their AML processes
Not only this, but where other electronic AML systems simply produce a fail result on sanction & PEP matches, requiring the law firm to conduct its own enhanced due diligence. SmartSearch delivers all of the relevant
24 | SmartSearch Supplement
information to enable this to be done immediately. The platform also provides a daily monitoring service. But it hasn’t always been like this. When SmartSearch was launched in 2012, it delivered a standard AML verification service for individuals, and a simple Sanction & PEP pass or fail check. And while at the time, this was a welcome advancement in the fight against money laundering, SmartSearch learnt very quickly that if it wanted to dominate this service sector of AML, KYC and Customer Due Diligence compliance, it needed to be dynamic, and continually develop the system so that it a) went above and beyond what was already available and b) was dynamic enough to always be one step ahead. So, since 2012, SmartSearch has continually developed, improved and advanced the capabilities of its original verification platform to ensure it remains the market leader in electronic AML solutions. One of the biggest developments was recruiting Dow Jones’ as our Data Partner and the use of their Worldwide Factiva Watch-list database; this enabled the platform to offer the most comprehensive sanction and PEP checking available along with a ‘daily monitoring’ service. Other developments include working with Companies House, so that all documents filed can be retrieved directly from the SmartSearch platform, with an alerts service when any new documents, such as annual returns, have been filed. More recent additions to the platform include an additional Data Partnership with Equifax, allowing SmartSearch to operate on a ‘Multi-Bureau’ basis and the addition of a Due Diligence Dashboard, providing at a glance, a real-time view of the number of customers being monitored on a daily basis. And one of the most important and successful innovations since the launch of the platform is SmartSearch AML – a fully integrated app to allow AML checks to be carried out remotely and documents to be verified. All registered SmartSearch users can perform real-time AML checks on their iPhone, Android or tablet when they are out and about with clients.
”
The app reads the name, full address and date of birth from the driving licence, all the user adds is their title (Mr, Mrs, Miss, etc.) and press send. The SmartSearch AML App then validates the information against the credit reference databases and automatically screens the person against worldwide sanction and PEP watch-lists which contain around 2.5 million data subjects. The results are delivered back to the user in seconds with a green tick or a red cross and the search outcome details are then automatically uploaded into the full SmartSearch system back at the office, for the rare occasions that enhanced due diligence needs to be performed. These apps comes at no additional cost – all current and future users will automatically have access to SmartSearch AML as well as Smart IDV, which can be used by International Clients. And it is this constant stream of improvements and advancements that really set SmartSearch apart. Where other AML platforms offer their clients a service that doesn’t change, requiring the users themselves to upgrade or change platform provider to ensure they are still meeting the ever-changing AML regulations, SmartSearch is constantly evolving. Every time there is a change in regulation, the SmartSearch platform is amended to incorporate that change. If a client has a good idea for an improvement, SmartSearch will modify the platform and that change will benefit all clients, automatically, with no extra charge, as John Dobson, chief executive at SmartSearch explains: “New clients who have previously used other platforms are always impressed with how intuitive the system is but also, by how dynamic it is. They will say to us ‘but what happens in five years’ time?’ ‘What system will be available then?’ We say ‘this one!’ and they are always surprised that we are able to offer a future-proof system; where legacy is a thing of the past. “The SmartSearch platform has been developed with userfriendliness and ease of use at the top of the agenda, and designed to allow constant developments to ensure we are always at the forefront of AML. Clients who use SmartSearch can be confident that they have a platform that will provide a lifelong solution to their AML needs”.
One of the biggest developments was recruiting Dow Jones’ as our Data Partner…this enabled the platform to offer the most comprehensive sanction and PEP checking available.
”
SmartSearch Supplement | 25
”
These layered solutions provide firms with an invaluable early warning that fraud may be being attempted...
”
Layer Cake David Higginson, Senior Identity and Fraud Consultant at Equifax discusses the ease and availability of false documentation and what multi-layer, alternative methods are available to regulated firms to confirm identity and mitigate fraud risk. Type ‘false identity documents’ into any internet search engine and a myriad of results are returned, ranging from sites offering to supply such services, to news stories on organised crime groups being broken up by law enforcement.
It’s not just mainstream identity documents on offer but also falsified payslips or P60s that could be used to ‘prove’ an individual’s income, perhaps in relation to a mortgage or other loan application.
Searches also reveal open links to well-known video sharing sites providing instructions to would be fraudsters on how to make all manner of fake identity documents, including driving licenses, passports and identity cards.
Those savvy enough to look further and gain access to the lower echelons of the internet, i.e. the dark web, will find a richer seam of individuals and groups who not only trade in fake documentation but provide help and guidance to those intent on committing fraud for personal gain.
Too much effort? Then why not get someone to make one for you? Again a simple web search displays a number of providers more than willing to supply a range of identity documents, often under the guise of novelty items “designed to impress your friends”
A good example from the open web was the website confidentialaccess.com. Badged as the “gold star service for identity thieves” it offered bespoke, near-perfect forged documents that allowed criminals to hijack a victim’s life. The site provided all manner of fake identity
26 | SmartSearch Supplement
documentation and even offered fake receptionists to impersonate a victim’s employer. The site worked on a trust basis. The more that was spent, or the more knowledge shared, the greater access it allowed to its services in exchange. This included the “Platinum Profile” which provided an entire set of documents in the name of an innocent victim. Law enforcement finally caught up with the owners of the site, and four co-conspirators were given sentences of up to nearly seven years in prison. Police later revealed the site had 11,000 active ‘customers’. More recently fake document factories are also known to offer their services via social media, with sellers actively targeting lower age groups. Why the popularity? As crime figures show, identity fraud is a global problem fuelled by the growth in technology, making it difficult for regulators and law enforcement to keep up with. False documentation allows criminals to create new personas or assume the identities of others to commit financial crime. It ranges from opportunists, firing out random loan applications from their bedroom, to organised crime networks intent on carrying out industrial levels of fraud. The threat only increases in the digital world where fraudsters can easily target the financial services industry in the widely held belief that it’s a high reward, low risk enterprise. Often it is. But it’s not just fraudulent applications. The use of false identities can be exploited to help launder proceeds of crime such as drug trafficking, extortion and corruption. How can regulated firms fight back and at the same time ensure compliance? It’s a complex problem that should be tackled using a multi layered approach. Electronic identity (EID) is now seen as a robust alternative to using traditional paper based documentation to confirm identity, and removes the paper chase from the verification process. Gone is the risk associated with individuals having to provide original or copy documents as justification of their identity. EID is quicker, inexpensive and safer. It can identify individuals using a range of comprehensive data sources which adds breadth and depth to the verification process. Current guidance fully supports the use of EID but requires firms to use datasets that provide an assessment of both the positive and negative aspects of any given identity. From a positive perspective this could include information
”
from a wide range of datasets including the current electoral roll, credit agreement records (e.g. mortgages, current accounts, credit cards) phone and bank account records. Negative data sources help highlight any riskier aspects associated with an identity, which comes back to the benefits of layered fraud protection. EID can provide access to a comprehensive range of confirmed fraud databases such as CIFAS or SIRA. Based on a consortium model these platforms offer access to fraud intelligence data shared at a national level by contributing members. These datasets provide unique access to a wide range of fraud types, including where false documentation has been used to commit identity fraud. This includes access to Amberhill - the Metropolitan Police’s list of false identity documents recovered from criminal groups. Death registers and forward linked address markers that could indicate potential fraud are also available. Firms are encouraged to consider additional controls to a standard EID check, as the risk of impersonation is still present. Typically this involves using knowledge based authentication (KBA) to ask a series of challenge and response questions that only the true owner of that identity would be able to answer. Combined together, this approach provides a high level of confidence that the individual is who they say they are. For digital channels, the layered approach can be extended further to assess the risk from individual devices, such as smartphones, laptops and PCs used in the application or account management journey. These new verification services aim to identify any inconsistencies with the device itself e.g. geo location mismatches between the visible source of the device and its actual location. Again using a consortium based model, these solutions can identify at a global level if the device or series of linked devices has been associated with fraud in the past. Similar services can now assess the risks associated with a particular email address as well. These layered solutions provide firms with an invaluable early warning that fraud may be being attempted, and determine whether to apply additional checks and balances as part of an enhanced due diligence check. The risk posed by fraudulent documentation isn’t something that’s going to go away. However there are robust, tried and tested, electronic alternatives which provide quantifiable benefits, not only in terms of cost reduction and efficiency but also from a compliance and risk management perspective.
There are robust, tried and tested, electronic alternatives which provide quantifiable benefits, not only in terms of cost reduction and efficiency but also from a compliance and risk management perspective.
”
SmartSearch Supplement | 27
The Balance of Powers
On 1 August 2018, the United States Office of Foreign Assets Control (OFAC) designated Turkey’s Justice and Interior Ministers under its Global Magnitsky sanctions program for their ‘unjust detention’ of Pastor Andrew Brunson. While one could debate whether or not this action was an abuse of the program, that was intended to affect those accused of human rights abuses, it does surface a more basic set of issues: how can those listed by sanctioning bodies assert their rights to challenge their designations? Also, do those processes appropriately balance the rights of both the designated and the designating body? Eric A. Sohn, Dow Jones Risk & Compliance in the USA, reports. While there is a robust administrative process at the United Nations (UN) for requests for de-listing from sanctions lists, the universal nature of those designations (to be implemented by all UN Members) makes them accepted as apolitical and unbiased. The same is not necessarily true when designations are made by individual countries or regional groups. To that end, the differences in the approaches taken by two of the largest sanctions issuers, the EU and the US, highlight the dilemma faced in designing processes which properly balance the needs of sovereign states and that of those swept up in sanctions designations.
EU and US sanctions: a study in contrasts The governance differences between the United States and the European Union drive the differences in how sanctions designations are challenged. People and organizations in the E.U. are designated as part of a legislative process, which ultimately results in a European Commission or Council Implementing Regulation that includes the lists of new and amended sanctions listings. For sanctions targets, the remedy is a judicial one; the General Court of the European Union may be petitioned to have the designations revoked.
28 | SmartSearch Supplement
In contrast, OFAC designations are administrative in nature. A Presidential Executive Order establishes a sanctions program and delegates designation authority to Cabinet officials. Ultimately, after the promulgation of OFAC regulations, OFAC’s targeting division determines who should be added to the program. And, to be removed from OFAC’s sanctions, one must apply to OFAC for an administrative review. If the review is denied, there is no recourse other than to re-apply. It would be nice to know whether the E.U. model or the U.S. model represents the norm. Unfortunately, with a relatively small population of major sanctions issuers outside of the UN, the results are mixed. Both Australia and Canada treat sanctions administratively (with deference to the UN Focal Point for De-listing, for designations that are promulgated by UN Sanctions Committees), with no judicial review. On the other hand, the United Kingdom’s current Terrorist Asset-Freezing etc Act 2010 (TAFA), and the recently-enacted Sanctions and Anti-Money Laundering Act 2018, both provide judicial relief. While the UK’s choice of appeals process may be a result of its familiarity with its experience as part of the EU, it remains a counter point to how sanctions appeals are handled outside Europe.
The needs of the many or of the few? It may seem that the judicial venue to appeal a sanctions designation is inherently superior to that of an administrative remedy. After all, if the designating authority is the same as that hearing the appeal, the process does not appear to be impartial. If the Government is indeed being capricious or vindictive in its designation process, an administrative review would appear to stack the deck against the claimant. Yet, the judicial appeal route is not without its own potholes. From a process perspective, a governmental agency may be hamstrung in its ability to justify a designation without divulging confidential sources and/ or data collection methods. Permitting those investigative assets to be divulged such that they can be challenged by the claimant’s counsel, even in a sealed proceeding, can endanger the lives of those people and preclude the effective use of those specialized methods in the future. A more basic hurdle, however, is overcoming the deference shown to sovereign nations to conduct their foreign and security policies as they see fit. Even if a claimant can show what appears to be compelling evidence that it does not meet the criteria under which it was sanctioned, since the state may not be able to present its counter claims in a matter fair to both parties, a judicial review process would be, at best, hard-pressed to find for the claimant. And that perceived lack of transparency and justice would appear to be as biased as that of an administrative process. Even with these caveats, a judicial review process may appear fairer because, if for no other reason, the arbiter is a disinterested party – even if it is not, in fact, actually more free of bias.
Time to (task)force the issue? So, should the remedies available to sanctioned persons and organisations, both the administrative and judicial appeals ones, be reviewed and improved to better balance the needs of both parties in the service of producing fair, unbiased results? If so, how? In the short term, in theory, one can trust that sanctions designation review processes, whether judicial or
”
administrative, are less biased in countries evaluated as obeying the rule of law. There are a number of sources, such as the World Justice Project Rule of Law Index, or the reports produced by Freedom House, which provide useful starting points for analysis and discussion. This, however, seems relatively slapdash and improvisational – and not very satisfying. What would aid the attainment of the above goal most would be the promulgation and implementation of standards for such reviews. The logical place to look towards for such an effort would be the Financial Action Task Force (FATF), which already defines and monitors compliance with standards for national anti-money laundering and counter-terrorism financing (AML/CTF) regulation and oversight. FATF would not need to choose between administrative and judicial review; it could promulgate standards for both. It could then leverage its existing processes to review each country’s adherence to these standards, and report on the level of compliance, on a periodic basis. While it may not necessarily ensure a fair hearing of each individual claimant’s case, such an effort would, at least, produce a demonstrable level of consistency with an agreed-upon standard. And deviations from those standards could be captured in the periodic report that FATF currently produces about each country’s level of compliance with its AML/CTF standards.
A matter of trust Ultimately, the acceptance of the results of a process, whether administrative, legislative, judicial or otherwise, relies on a perception that the process is fair, to the extent that it can be. When the parties are sanctioned by a foreign government, the sanctions targets have no basis in which to assess fairness in processes that have no way to certify its lack of bias. The adherence to agreed-upon standards for appeal processes is a logical way, especially given FATF’s example of success in the AML/CTF realm, to present such a level playing field.
Eric A. Sohn, CAMS
is the Director of Business Product, Dow Jones Risk & Compliance in the USA.
Ultimately, the acceptance of the results of a process… relies on a perception that the process is fair, to the extent that it can be. When the parties are sanctioned by a foreign government, the sanctions targets have no basis in which to assess fairness in processes that have no way to certify its lack of bias.
”
SmartSearch Supplement | 29
30 | SmartSearch Supplement
DO YOU KNOW THE TRUE IDENTITY OF YOUR CUSTOMERS?
Our AML check will confirm it in 5 seconds! Business checks take a little longer; 1-2 minutes! We use the very best quality data to deliver our AML identity check for a result you can rely on. Sanction & PEP screening is automatically included along with Daily Monitoring and Automated Enhanced Due Diligence all at no additional cost.
Call us now to book a free demonstration on:
0113 333 9835 Or visit us online:
POWERED BY
SMARTSEARCHUK.COM SmartSearch delivers UK and International Business checks in the UK and International Markets with inclusive Worldwide Sanction & PEP screening, Daily Monitoring, Email Alerts and Automated Enhanced Due Diligence.
SPEED UP YOUR AML SERVICE WITH SMARTSEARCH
Improve the performance of your AML, Sanction & PEP processes, automate most of your Enhanced Due Diligence and enable your compliance team to come out of their shell. We deliver AML, Sanctions & PEP checks “all-in-one� search, individual checks take 5 seconds, business checks take a little longer, 1-2 minutes! Daily Monitoring of all you clients for Sanction & PEP changes for the lifetime of your contract is included at no extra cost. Automatic Enhanced Due Diligence, Biography, Adverse Media and Photographic Evidence is also included in your basic AML search price.
Call us now to book a free demonstration on:
0113 399 6010 Or visit us online:
POWERED BY
SMARTSEARCHUK.COM SmartSearch delivers UK and International Business checks in the UK and International Markets with inclusive Worldwide Sanction & PEP screening, Daily Monitoring, Email Alerts and Automated Enhanced Due Diligence.